alpha-vantage

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). The command includes a high-entropy token: "skpi-sv91leuk567ej1u57yyfzyfk" passed to refly as --id. This matches the pattern of actual API/secret keys (similar to "sk-live-...") and is not a generic placeholder (it is not "sk-xxxx" or truncated). Other identifiers in the doc (e.g., "we-xxx" placeholder, the workflow path "c-blhl1uxs9ae9qoiyoh3dvxii") are either explicitly placeholder formats or non-secret resource IDs, so they are ignored. Because the skpi- token appears to be a real, usable credential, it should be treated as a hardcoded secret.